StatCan / gatekeeper-policies

Policies that are to be enforced by GateKeeper for the Cloud Native Platform

Draft: Write policy to isolate personal namespaces to single user #25

Open blairdrummond opened 2 years ago

blairdrummond commented 2 years ago

If the Profile is not labelled with created-by: aaw-kubeflow-profiles (https://github.com/StatCan/aaw-kubeflow-profiles/blob/8466791696aa55f6a21a8f6784c209a56e9f9ebe/profile.libsonnet#L92), then only the owner AuthorizationPolicy and RoleBinding should be allowed.

Additionally, we should fix this in the UI, so that the option to manage your own namespace is not present if it's a personal namespace.

@brendangadd are you OK with this?
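One way the rule in the issue could be expressed as a Gatekeeper policy. This is an added example, not code from the StatCan/gatekeeper-policies repository or from the issue author. It assumes: Gatekeeper is configured to sync kubeflow.org/v1 Profile objects into data.inventory (the Config below); a Profile is cluster-scoped and shares its name with the namespace it owns; the owner is read from the Profile's spec.owner.name; Kubeflow's owner AuthorizationPolicy identifies users through the request.headers[kubeflow-userid] condition; and RoleBinding subjects of kind ServiceAccount (such as the default-editor binding the profile controller creates) are exempt so that the namespace itself keeps working. The template, constraint and config names are placeholders chosen for this example.

```yaml
# Config: sync Profile objects so the policy can look them up by namespace name.
apiVersion: config.gatekeeper.sh/v1alpha1
kind: Config
metadata:
  name: config
  namespace: gatekeeper-system
spec:
  sync:
    syncOnly:
      - group: "kubeflow.org"
        version: "v1"
        kind: "Profile"
---
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: personalnamespaceownerbindings   # placeholder name for this example
spec:
  crd:
    spec:
      names:
        kind: PersonalNamespaceOwnerBindings
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package personalnamespaceownerbindings

        # The Profile that owns the namespace the object is being created in.
        # Assumption: Profile is cluster-scoped and named after the namespace.
        profile := data.inventory.cluster["kubeflow.org/v1"]["Profile"][input.review.object.metadata.namespace]

        # A namespace is "personal" when its Profile is NOT labelled
        # created-by: aaw-kubeflow-profiles (undefined label counts as personal).
        is_personal {
          profile
          not profile.metadata.labels["created-by"] == "aaw-kubeflow-profiles"
        }

        # Assumption: the owner's identity is the Profile's spec.owner.name.
        owner := profile.spec.owner.name

        # RoleBinding: every non-ServiceAccount subject must be the owner.
        violation[{"msg": msg}] {
          input.review.kind.kind == "RoleBinding"
          is_personal
          subject := input.review.object.subjects[_]
          subject.kind != "ServiceAccount"
          subject.name != owner
          msg := sprintf("personal namespace %q may only bind its owner %q, not %v %q",
            [input.review.object.metadata.namespace, owner, subject.kind, subject.name])
        }

        # AuthorizationPolicy: every kubeflow-userid value must be the owner.
        violation[{"msg": msg}] {
          input.review.kind.kind == "AuthorizationPolicy"
          is_personal
          rule := input.review.object.spec.rules[_]
          cond := rule.when[_]
          cond.key == "request.headers[kubeflow-userid]"
          user := cond.values[_]
          user != owner
          msg := sprintf("personal namespace %q may only admit its owner %q via Istio, not %q",
            [input.review.object.metadata.namespace, owner, user])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: PersonalNamespaceOwnerBindings
metadata:
  name: personal-namespace-owner-only    # placeholder name for this example
spec:
  match:
    kinds:
      - apiGroups: ["rbac.authorization.k8s.io"]
        kinds: ["RoleBinding"]
      - apiGroups: ["security.istio.io"]
        kinds: ["AuthorizationPolicy"]
```

Because the decision depends on data.inventory, objects admitted before the Profile has been synced would be evaluated against an undefined profile and allowed; running the constraint in audit mode first shows which existing bindings in unlabelled namespaces would be rejected. The policy does not touch namespaces whose Profile carries the created-by label, so team namespaces created by aaw-kubeflow-profiles keep their contributor bindings.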

brendangadd commented 2 years ago

@blairdrummond Would need evidence that this is needed, especially since Protected information is not provisioned for personal namespaces.

If we did implement this, it would need UI updates in central-dashboard to make this fact clear to the user:

blairdrummond commented 2 years ago

Main thing I'm thinking is that there'd be a higher likelihood of personal access tokens for personal GitHub, etc., in the personal namespace.